0xffchain

513 posts

@0xffchain

Engr | SR | Focus: vaults | SR @sigp_io | Ex @secure3io, @LeastAuthority, @odyssey_dao

Joined February 2022
279 Following, 128 Followers
0xffchain
0xffchain@0xffchain·
@ScrewCopper @bytes032 @oot2k1 There is no more obvious training ground for new SRs. So when next there is a high and the market demand for SR naturally increases, existing SR will be in high demand, as there are fewer new entrants compared to before.
0xffchain
0xffchain@0xffchain·
@MitchellAmador Could you explain more on the AI fad? How did SRs abandon the space to chase that?
Mitchell Amador
Mitchell Amador@MitchellAmador·
It's been almost a year since I wrote this, and blocksec has changed a tonne. Have things become better or worse for security researchers? I feel like we were able to prevent some of these (Immunefi continues to pay millions in bounties monthly) but things feel much rougher. And some players abandoned their SRs entirely to chase the AI fad. We need to understand what went wrong to make 2026 the whitehat summer we're all hoping for.
Mitchell Amador@MitchellAmador

x.com/i/article/1940…

0xffchain
0xffchain@0xffchain·
After I am done understanding what the report is about, I go back to the original finding... I read the finding to make sure I am not missing any meat, and to also absorb as much as I can of the context and feed my eyes with the pattern so it's easier to catch on sight.
0xffchain
0xffchain@0xffchain·
AI is helping a lot with digesting reports. But you can miss a lot if you use primarily AI to read a report alone. My workflow is: I feed the report to AI to get the hang of what it's talking about, and it summarizes it with an existing framework.
David Wong
David Wong@cryptodavidw·
I feel like AI has taken a lot of my drive to write. I used to LOVE writing so much, as one can attest from my blog. Since LLMs have become so good at writing it feels so pointless to write. It's not so special anymore. You don't stand out. Worse, AI writes better than me. What's the point anymore? I understand Lee Sedol.
0xffchain
0xffchain@0xffchain·
Any day I don't follow my routine I feel weird. That's cool. Exercise + breathwork, breathwork + meditation and off to conquer the day...
0xffchain
0xffchain@0xffchain·
Pomodoro leaves me exhausted when I complete my sessions, and also gives this level of satisfaction knowing you accomplished something for the day.
0xffchain
0xffchain@0xffchain·
My goal for the coming months is perfecting my routine. Pomodoro is back on board baby...
Emmanuel
Emmanuel@emmanuelSR77·
- April 2027. $1M audit contest.
- SRs unleash their god-tier AIs to hunt vulns (Mythos is the weakest tool in the arena).
- Bob finds a bug through manual audit.
- Contest ends. 23 unique vulns found. 22 of them have 20+ duplicates each.
- Bob takes $950K.
sudo rm -rf --no-preserve-root /
rant time: people are so fucking obsessed with building more tools, more products, more services, more "security" layers. are you guys all fucking insane?? every single thing you add is more complexity. and complexity is exactly what makes systems _dangerous_. you don't get safer by stacking abstractions on top of abstractions. you just increase the attack surface and pray the whole dependency chain doesn't collapse (hint: it will collapse!!). now you depend on 10, 50, 100 moving parts. all needing updates, all with their own bugs, all potential supply chain failures and we call that "security" like fucking retards. dude, it's the fucking opposite. we're not building safer systems. we're building systems so complex nobody actually understands them anymore. and almost nobody is asking the obvious question: **what can we remove?** everyone wants to add. nobody wants to reduce. that's how you end up in a nightmare system (hint: we're already in that nightmare). not because of one big failure. but because of thousands of tiny dependencies you never should have had in the first place.
0xffchain
0xffchain@0xffchain·
Once you understand the data architecture of the application you're working on, you've half understood the application already; most of the logic is just manipulating that data in interesting ways.
0xffchain
0xffchain@0xffchain·
Cause I believe in this time, regardless of what you work on, AI is already a factor. So understanding it deeply should be a force multiplier.
0xffchain
0xffchain@0xffchain·
I have been thinking of what to work on in my spare time. Like a weekend project, but I am yet to find one. Maybe work on understanding how LLMs actually work under the hood?
0xffchain
0xffchain@0xffchain·
@banteg What of 0/1? common that can't get hacked.
banteg
banteg@banteg·
guys don't tell me your answer to 1/1 multisigs getting hacked is 2/2 multisigs. sometimes i feel this industry is incapable of learning.
0xffchain
0xffchain@0xffchain·
@4gontuk No connection between the contest kinda model and most of the recent hacks.
Agontuk 🏴‍☠️
Agontuk 🏴‍☠️@4gontuk·
Public audit contests have dropped massively over the past few months, while multi-million dollar hacks have surged. We’ve already seen several major incidents in 2026. Coincidence… or something more?
shafu
shafu@shafu0x·
make defi dumb again
0xffchain
0xffchain@0xffchain·
What makes LLMs so good at helping with other vectors that are less reviewed or have less SR talents?
Alex the Entreprenerd
Alex the Entreprenerd@GalloDaSballo·
What other vectors are being constantly underestimated and will lead to more massive exploits?